Listening to What Isn’t Said: The Limits of Data-Driven Decision Making

Listening to What Isn’t Said: The Limits of Data-Driven Decision Making 

By Tom Glover, Chief Revenue Officer at Responsive Technology Partners 

The dashboard showed green across every metric. Client satisfaction scores were up. Ticket resolution times had improved by 14%. The data painted a picture of a healthy, stable relationship. 

Yet sitting across from the client’s CIO in their conference room, I knew we were in trouble. Not because of anything he said—his words were measured, professional, appropriate. But because of what he didn’t say. The pause that lasted half a second too long when I mentioned our upcoming service review. The way his eyes drifted to his phone when we discussed next quarter’s security initiatives. The absence of the casual banter that usually opened our meetings. 

Three weeks later, we received notice they’d be conducting a security vendor review. The dashboard never saw it coming. 

That experience, early in my career, taught me something that decades of data analytics haven’t changed: some of the most important information in business never makes it into a report. It lives in tone of voice, in hesitations, in what people carefully avoid mentioning. It exists in the space between what’s said and what’s meant. 

We live in an era obsessed with quantification. Every interaction gets logged, every behavior gets measured, every outcome gets tracked. This data discipline has enormous value—I’ve spent much of my career helping organizations make better decisions through improved data analysis. But somewhere along the way, many leaders made a dangerous assumption: that if something matters, it can be measured. And conversely, that if something can’t be measured, it doesn’t matter. 

This assumption is killing our ability to see what’s actually happening in our organizations. 

The Tyranny of the Dashboard 

Modern business intelligence tools have given us unprecedented visibility into our operations. We can see real-time metrics on virtually every aspect of our business. This visibility creates a seductive illusion: that we’re seeing the whole picture. 

But dashboards show us what we’ve decided to measure. They don’t show us what we didn’t think to measure, couldn’t figure out how to quantify, or what exists in the spaces between our measurement points. 

A healthcare client of mine learned this the hard way. Their IT infrastructure monitoring showed 99.7% uptime. Their help desk tickets were trending down. Every technical metric suggested their systems were healthy. Yet productivity was dropping, staff turnover in their clinical units was rising, and patient satisfaction scores were declining. 

When we dug deeper, we discovered the real story. Their electronic health records system had become so slow during peak hours that clinicians had developed elaborate workarounds. They stopped reporting tickets because past experience taught them nothing would change. The technical metrics looked great because the system was technically “up”—it just took six clicks and thirty seconds to do what used to take two clicks and five seconds. 

The doctors and nurses didn’t articulate this in tickets or surveys. They just quietly started spending an extra hour each day on documentation, or coming in earlier to get paperwork done before patient hours began. The frustration showed up in their tone when discussing the EHR, in the resignation in their voices during team meetings, in the way they changed the subject when IT staff asked how things were going. 

The dashboard never captured any of it. But anyone who spent time on the floors could feel it. 

Reading the Room 

Some of the most critical intelligence gathering happens in moments that generate no data trail. The vendor who emphasizes how “committed” they are to the relationship without being asked. The team member who says “yes, I can handle that” but whose body language screams the opposite. The client who agrees to every recommendation but somehow never moves forward with implementation. 

These signals don’t fit neatly into a database field. You can’t graph them or trend them over time. But they often tell you more about the true state of your relationships and operations than any report. 

In my work with business leaders, I’ve noticed that newer executives often struggle with this. They’ve been trained in data-driven decision making. They’re comfortable with spreadsheets and dashboards. They trust what they can quantify. But they’re sometimes blind to the undercurrents that more experienced leaders sense immediately. 

The experienced CFO who knows the company’s financial situation is worse than the numbers suggest because the CEO’s tone in budget discussions has shifted from confident to defensive. The veteran sales director who can tell a deal is slipping away because the client’s questions have moved from “how” to “whether.” The long-tenured operations manager who knows morale is dropping not from survey data, but from the way people interact in the hallways. 

This isn’t mysticism. It’s pattern recognition built from thousands of previous interactions. It’s the ability to notice when normal patterns get disrupted. It’s understanding that what people choose not to say often reveals more than what they do say. 

The Security Context 

In cybersecurity work, this principle becomes especially critical. Security threats often announce themselves through subtle anomalies before they show up in security event logs. User behavior that’s technically within policy but somehow feels wrong. Vendor relationships where the enthusiasm seems manufactured. Compliance conversations where people are checking boxes but not engaging with the substance. 

We work with organizations across healthcare and accounting sectors, industries where security isn’t just an IT concern but a regulatory and reputational imperative. In these environments, I’ve learned that the first indication of a security cultural problem rarely appears in a security metric. 

It appears in how staff talk about security policies when they think no one is listening. In the slight eye roll when mandatory training gets mentioned. In the creative ways people find to work around controls they find burdensome. In the questions they don’t ask during security awareness sessions. 

You can have perfect compliance scores and still have a security culture that’s fundamentally broken. The scores tell you people are completing the required activities. They don’t tell you whether anyone actually cares, whether the activities are changing behavior, or whether people view security as a genuine priority or just another corporate checkbox. 

When we conduct security assessments, the technical scans and compliance audits are important. But some of the most valuable intelligence comes from casual conversations with staff. How do they describe their relationship with IT? What’s their tone when discussing security procedures? Do they frame security as “us” or “them”? Do they volunteer examples of good security practices, or do they share stories of how burdensome the controls are? 

None of this shows up in a penetration test report. All of it matters enormously to actual security outcomes. 

The Vendor Relationship Signal 

One pattern I’ve observed repeatedly: vendor relationships often deteriorate long before any formal metrics indicate a problem. The account manager who used to respond to emails within an hour now takes a day. The enthusiasm in quarterly business reviews feels rehearsed rather than genuine. They stop mentioning their product roadmap and focus more on their pricing flexibility—a signal that growth has stalled and they’re in retention mode. 

When a longtime technology partner started sending junior staff to our meetings instead of the principals we’d worked with for years, no metric flagged it as significant. But it told us their internal priorities had shifted. We were no longer strategic to them, which meant we needed to re-evaluate whether they remained strategic to us. 

Similarly, when a security vendor’s technical team started pushing back on our questions about their detection capabilities, becoming defensive rather than collaborative, it signaled something had changed. The metrics they provided looked fine. Their service level agreements were being met. But the relationship dynamic had shifted from partnership to provider-client transaction. That shift mattered more than any quarterly report they delivered. 

The Team Dynamic Indicator 

Inside organizations, unspoken signals are equally revealing. A team meeting where everyone nods agreement but no one volunteers for the implementation. A strategic initiative where people comply with the process but show no ownership of the outcome. A new policy that gets technically followed but quietly resented. 

I’ve learned to pay special attention to what leadership teams don’t discuss. The strategic issue that keeps getting pushed to next quarter’s agenda. The personnel problem everyone dances around but never addresses directly. The department conflict that gets mentioned obliquely through euphemisms but never confronted. 

These omissions tell you more about organizational health than most engagement surveys. They reveal where the real taboos lie, what topics people consider too risky to address, and where the organization has developed elaborate social norms around avoidance. 

When a leadership team can’t have direct conversations about difficult topics, that inability will cascade through every level of the organization. You’ll end up with elaborate systems of indirect communication, where everyone knows what the real problems are, but everyone also knows you’re not supposed to say it explicitly. 

Reading Relationship Dynamics 

Business relationships communicate their health through patterns that don’t appear in satisfaction surveys or account metrics. The challenge is developing the awareness to notice when normal patterns shift. 

A partner who normally engages deeply with strategic discussions suddenly becomes passive, accepting recommendations without the usual thoughtful questions. Someone who’s been relationship-focused starts becoming contract-focused. Communication that was usually direct starts including more documentation and cc’s. 

These shifts don’t necessarily mean disaster. Sometimes they reflect changing internal pressures or reorganizations that have nothing to do with your performance. But they’re worth noticing and addressing, because they indicate something has changed in how the other party is thinking about the relationship. 

The key is establishing what “normal” looks like for each important relationship, then paying attention when patterns deviate. A client who always responds quickly might be signaling something if they suddenly start taking days. A vendor who’s always been collaborative might be under new pressure if they become defensive about questions they used to welcome. 

The Remote Work Challenge 

The shift to remote and hybrid work has made this kind of signal reading more difficult but no less important. Video calls capture some social cues that email misses, but they filter out others. You can’t sense the energy in a virtual room the way you can in person. You can’t have the hallway conversation that reveals what’s really on someone’s mind. 

This is why I’m skeptical of fully remote organizations that rely primarily on asynchronous communication through email and messaging platforms. You can run efficient operations this way. You can hit your metrics. But you lose access to an entire channel of organizational intelligence that exists in real-time human interaction. 

When everything is documented in writing, people become more careful about what they say. Messages get edited and refined. Spontaneity gets replaced with polish. And in that editing process, a lot of valuable signal gets filtered out. 

This isn’t an argument against remote work—it’s an argument for being intentional about creating spaces where unguarded, unfiltered communication can happen. The video call where you spend the first five minutes just catching up. The one-on-one where the agenda is loose enough for the conversation to wander. The team meeting where you explicitly ask not what went right according to the plan, but what almost went wrong that nobody expected. 

The Limits of Sentiment Analysis 

Some organizations have tried to solve this problem through technology. Sentiment analysis tools promise to analyze email communication, Slack messages, or customer support tickets to identify emotional undertones and relationship health. 

These tools have some value, but they can’t replace human judgment for several reasons. First, they can only analyze what gets written down. The most revealing conversations often happen verbally. Second, people adjust their communication style when they know it’s being analyzed. Third, context matters enormously—the same words can mean different things depending on relationship history, industry norms, and individual communication styles. 

I’m not against using these tools as one data point. But treating sentiment scores as a substitute for actual human awareness is dangerous. It creates false confidence that you’re seeing the whole picture when you’re actually just seeing a slightly more sophisticated version of traditional metrics. 

Cultivating Awareness 

So how do you develop this capacity to read what isn’t being said? The first step is recognizing its importance and allocating attention to it. Most leaders are overwhelmed with data demanding their attention. Making space for unquantified observation requires conscious effort. 

This means spending time in unstructured interaction with your team, your clients, and your vendors. Not every meeting needs an agenda and measurable outcomes. Sometimes the most valuable hour you spend is the one where you’re just present and paying attention to how things feel. 

It means trusting your instincts when something seems off, even if you can’t point to a specific data point that confirms it. Not every concern needs to be statistically validated before you take it seriously. Sometimes “this doesn’t feel right” is legitimate business intelligence. 

It means cultivating relationships with people at different levels and in different roles. The executive briefing gives you one view of reality. The hallway conversation with a frontline employee gives you another. The informal chat with a long-tenured customer service representative gives you a third. You need all of these perspectives to triangulate what’s actually happening. 

It also means building organizational cultures where people feel safe bringing up concerns that aren’t backed by data. When your team learns that you only respond to quantified problems, they’ll stop telling you about the things they sense but can’t prove. You’ll end up with an organization that’s data-rich but insight-poor. 

The Partnership Advantage 

This is one of the less obvious advantages of the co-managed security model we practice at Responsive Technology Partners. When you work alongside a client’s internal IT team rather than replacing them, you get access to organizational intelligence that would be invisible to a purely external vendor. 

The internal team knows which executives actually care about security and which ones just want to check the compliance box. They know which departments will resist new controls and which ones will embrace them. They know the unwritten political dynamics that will make or break any security initiative. 

This institutional knowledge doesn’t appear in any technical assessment or risk analysis. But it’s often more important to successful security outcomes than the technical details. You can design a perfect security architecture on paper, but if you don’t understand the human and political dynamics of how it will actually be implemented, you’re likely to fail. 

The best security partnerships combine external technical expertise with internal organizational knowledge. The specialist brings depth of security knowledge that most internal teams can’t maintain. The internal team brings contextual understanding that no external vendor can replicate. Together, they can see a more complete picture than either could see alone. 

Balancing Data and Intuition 

None of this is an argument against data-driven decision making. Data discipline is essential. Metrics matter. Analytics provide value. The organizations that abandon data in favor of pure intuition make terrible decisions. 

But the organizations that rely exclusively on data make different kinds of terrible decisions. They miss warning signs that aren’t quantified. They optimize for measurable outcomes while letting unmeasurable factors deteriorate. They confuse precision with accuracy—they know exactly what their metrics are showing, but they don’t realize their metrics are showing them the wrong things. 

The goal is not to choose between data and intuition. It’s to develop leaders who can hold both simultaneously. Who can look at a dashboard and trust what it shows them, while also listening to the quiet voice saying “something’s not right here.” Who can run the numbers and still pay attention to how people are responding to the strategy, not just whether they’re executing it. 

In cybersecurity specifically, this balance is critical. You need the data to understand your technical security posture. You need the metrics to track whether controls are being followed. But you also need the human awareness to sense when your security culture is healthy or when it’s become a compliance theater that provides the appearance of security without the substance. 

The Path Forward 

As artificial intelligence and automation continue to reshape how we work, this capacity for reading unspoken signals becomes more rather than less important. AI is excellent at analyzing explicit data. It can find patterns in vast datasets that humans would never spot. But it struggles with context, nuance, and the thousand subtle signals that exist in the space between data points. 

The leaders who thrive going forward will be those who can leverage AI’s analytical capabilities while maintaining their distinctly human ability to read rooms, sense undercurrents, and notice what isn’t being said. They’ll use data to inform their decisions while trusting their judgment about what the data might be missing. 

This isn’t a romantic notion about the irreplaceable human touch. It’s a practical recognition that business happens between people, and people communicate in layers. The explicit layer—the words, the data, the formal communications—is important. But so is the implicit layer—the tone, the timing, the silences, the things people carefully avoid mentioning. 

Both layers matter. Both contain critical business intelligence. The mistake is assuming that only the explicit layer is real or that you can fully quantify the implicit layer without losing what makes it valuable. 

So by all means, look at your dashboards. Run your analytics. Track your metrics. But also spend time with your people. Pay attention to how conversations feel, not just what they contain. Notice what topics people avoid. Listen for hesitation, for enthusiasm, for the subtle shift in tone that tells you something important has changed. 

Some of the most important things happening in your organization will never show up in a report. Your job as a leader is to see them anyway. 

Tom Glover is Chief Revenue Officer at Responsive Technology Partners, specializing in cybersecurity and risk management. With over 35 years of experience helping organizations navigate the complex intersection of technology and risk, Tom provides practical insights for business leaders facing today’s security challenges.